Re: nmap 6.47 compile failure on AIX 7100-03

[Daniel Miller <bonsaiviking () gmail com>]

On Wed, Sep 10, 2014 at 12:05 PM, Daniel Miller <bonsaiviking () gmail com>
wrote:

> * Features involving libpcap do not seem to work outside localhost, but
> that may be an artifact of my environment. If you can, please try this
> command out (as root) and reply with the output: nmap -A -d
> scanme.nmap.org

Looking for a response from some other devs on the mailing list for this
one:

Ok, the reason this is failing on my system is that the SYNACK response has
some odd TCP options that fail validation in validateTCPhdr() in tcpip.cc.
Specifically, the options section is:

0204 0564 010e 0303

with a 2-byte trailer outside the packet boundary that is random. The "0204
0564" is MSS, and parses just fine. Then there's a NOP "01" followed by an
unknown option "0e". validateTCPhdr() skips this like a NOP, then finds
"0303" which is Window Scale and should be followed by a 1-byte value.
However, that's the end of the packet and so it's invalid.
Wireshark/tcpdump treat "0e" as an "unknown option" and assume it takes up
the next 2 bytes (or the rest of the packet).

Given this, perhaps we should adopt a similar validation mechanism? The
extra data appears to be added to SYNACK responses to -sT, also, and those
work just fine, so it's not hampering a TCP connection. Thoughts?

Dan
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/